Web services apparatus and methods

ABSTRACT

A method for use in a Web Services system includes providing access to a data repository and providing shadow attributes for use in conducting searches of the data repository.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application claims the benefit of Provisional Applications Ser. Nos. 60/406,391; 60/406,399; 60/406,325; 60/406,328; 60/406,204; 60/406,205; and 60/406,319 each of which was filed on Aug. 26, 2002 and the contents of each of which are incorporated herein by reference.

BACKGROUND

1. Field

The present disclosure relates to UDDI Registry and Web Services in general, and in particular to method(s), apparatus and system(s) used in giving practical effect to such services.

2. Description of Related Art

UDDI (Universal Description, Discovery and Integration) is a set of Standards that have been defined to enable applications that use Web Services to quickly, easily and dynamically interact with one another. UDDI is intended to create a platform-independent, open framework for describing services, discovering businesses and integrating system services using the Internet, as well as an operational registry. Refer to the web site www.uddi.org for further details.

A UDDI registry provides valuable support to systems structured using Web Services. FIG. 1 a illustrates schematically basic Web Services and UDDI concepts. FIG. 1 b illustrates schematically a simplified protocol stack for the Web Services environment. UDDI provides a repository for Web Services information and is itself provided by way of a Web Service.

UDDI enables applications to publish how they want to interact on the web. Each ‘Web Service’ is a self-describing, self-contained, modular unit of application logic that provides some system functionality to other applications through an Internet connection. Applications access Web Services via ubiquitous web protocols and data formats, with no need to worry about how each Web Service is implemented. Web Services can be mixed and matched with other Web Services to execute a larger workflow or business transaction.

The UDDI Standards describe a specific-purpose repository that is intended to manage descriptions of Web Service types, business organizations, and details about how to invoke the Web Services. The Standards do not necessarily specify how the Standards should be implemented, nor whether the implementation should include storage using a database, a Directory or any other medium.

At a web site hosted by the organisation responsible for the UDDI Standards (http://www.uddi.org/faqs.html) there are a number of Frequently Asked Questions (FAQ). One of these questions is: “Can a UDDI registry be built or based on LDAP?” In answer, this web site discloses that there is no formal relationship between UDDI and Directories. “The UDDI specification does not dictate registry implementation details. The UDDI specification defines an XML-based data model and a set of SOAP APIs to access and manipulate that data model. The SOAP APIs define the behaviour a UDDI repository exhibits. A UDDI implementation could be built on an LDAP Directory as long as it conforms to the specified behaviour. Thus far, all UDDI implementations have been built on relational databases.”

It is to be noted that Directory technologies, such as X.500 and LDAP, are extensible, general-purpose data stores and their associated languages that are most often used to manage users and resources. They are very well established technologies, widely adopted, and considered very stable and reliable.

However, implementing the UDDI Standards (available at www.uddi.org) on a Directory requires the solving of a number of problems. The UDDI Standards leave many important issues unaddressed, such as:

-   The UDDI Standard defines a number of objects, some of which are related by a hierarchy, but UDDI does not define an all-encompassing hierarchy. For example, Business Service objects will come under Business Entity objects, and the Binding Template objects will come under Business Services. FIG. 2 illustrates an example of this hierarchy. Business Entity objects are denoted 21, Business Services objects are denoted 22, and Binding Template objects are denoted 23. It is also to be noted that TModel objects, denoted 24, for example, are not hierarchically related to these objects. There are also other concepts such as Publisher Assertions, for example, which are not defined hierarchically.
-   Creating an efficient implementation of the requirement that a user be permitted to alter only those objects under his/her control,
-   Creating an efficient implementation that would allow UDDI registries to be distributed,
-   Creating an efficient implementation which enhances aspects of management and performance of searching and update.
-   How to represent complex UDDI objects in a relatively efficient way. For example Business Entity, Business Service, Binding Template and/or TModel have compound repeating elements. In turn these repeating elements could contain further repeating elements. For example, a Business Entity may contain contacts and the contacts may contain addresses. Addresses may contain address lines and phone numbers. FIG. 13 illustrates schematically a UDDI concept of a relatively complex object in a Business Entity. The Business Entity object 131 includes, for example, a number of attributes 132, such as AuthorizedName, BusinessKey, and Name. The Name has one or more Name fields 133, such as ‘text’ or this may be implicit in the ‘Name’ itself. There is also ‘language’. There may be one or more of these fields 133.
-   How to provide for relatively rapid searching for specific items contained in repeating elements.
-   How to represent UDDI information and requirements in a hierarchy of Directory objects,
-   How to manage deletion of UDDI objects and all their related information in an efficient manner, and
-   How to optimize construction of intermediate search result collections during search operations so that both Directory access and iterative in-memory operations are minimized, taking into account the Directory storage medium limitations. In practice, Directory entries may be stored and returned in arbitrary order, and Directory results may be too large to sort.
-   How to represent the data concerning a Publisher Assertion, in an efficient way,
-   How to create an efficient implementation of Publisher Assertions, particularly with regard to the implementation of the findrelatedBusiness method,
-   How to implement efficient searching of Publisher Assertions by relationship,
-   How to manage the validity of a Publisher Assertion,
-   How to ensure that the assertions created and deleted for a Business Entity are made by the owner of a Business Entity.
-   How to efficiently manage related collections of attributes, as defined in the UDDI standard,
-   How to define attributes and objects to enhance the performance of searching.

Various UDDI Schema have been proposed. However, none are considered to address at least the problems noted above. For example, one schema provides a relatively simplistic mapping of UDDI objects to Directory objects, without necessarily having regard to the complexities and optimization to produce an efficient commercial implementation. It is also unclear how a number of the UDDI services (the find_series, in particular) can be implemented efficiently in such a schema.

For example, FIG. 14 illustrates schematically a Novell representation of a relatively complex object in a Business Entity. The Business Entity object 141 includes, for example, a number of attributes 142, each having a ‘type’ and ‘value’. As illustrated, there is AuthorizedName having a value ‘Bill’, BusinessKey having a value ‘890.obale.890 . . . ’, and Name having multi-values 143, 144 namely

-   en# CA
-   IN# CATS

The UDDI (FIG. 13) and Novell (FIG. 14) example representations are not considered to be efficient representations for Web Services.

Thus, there is a need to address the general problems noted above as well as other problems to provide a relatively extensible, efficient and reliable implementation of UDDI based on a Directory.

SUMMARY

A method for use in a Web Services system comprises providing access to a data repository and providing shadow attributes for use in conducting searches of the data repository.

A computer recording medium including computer executable code for performing a method for use in a Web Services system comprises code for providing access to a data repository and code for providing shadow attributes for use in conducting searches of the data repository.

BRIEF DESCRIPTION OF THE DRAWINGS

Further objects, advantages and aspects of the present disclosure may be better understood by reference to the following description of preferred embodiments taken in conjunction with the accompanying drawings, in which:

FIG. 1 a illustrates schematically some Web Services and UDDI concepts;

FIG. 1 b illustrates schematically a simplified protocol stack for the Web Services environment;

FIG. 2 illustrates schematically a Hierarchy according to the related art;

FIG. 3 illustrates schematically a Directory Service Model according to the related art;

FIG. 4 illustrates schematically the infrastructure components for a UDDI Service Model implemented using X.500 Directory technology according to an embodiment of the present disclosure;

FIG. 5 illustrates schematically Service Projection, according to an embodiment of the present disclosure;

FIG. 6 illustrates schematically relationships between Binding Template and TModel, according to an embodiment of the present disclosure;

FIG. 7 illustrates schematically how a TModel creates a relationship between two entities, according to an embodiment of the present disclosure;

FIG. 8 illustrates a logical representation of a request to add a Publisher Assertion, according to an embodiment of the present disclosure;

FIG. 9 illustrates a logical representation of a constructor for UDDI data objects according to an embodiment of the present disclosure;

FIG. 10 illustrates schematically placing Business Entities objects under User object(s);

FIG. 11 illustrates schematically placing Domain objects over User object(s);

FIG. 12 illustrates schematically an outline of the schema according to an embodiment of the present disclosure;

FIG. 13 illustrates schematically a UDDI concept of a relatively complex object in a Business Entity according to the related art;

FIG. 14 illustrates schematically a Novell representation of a relatively complex object in a Business Entity;

FIG. 15 illustrates schematically the introduction of hierarchy in accordance with an embodiment of the present disclosure for the representation of a relatively complex object in a Business Entity;

FIG. 16 illustrates schematically a Binding Template hierarchy sub-structure according to an embodiment of the present disclosure;

FIG. 17 illustrates schematically a binding Template sub-structure flattened and/or merged; and

FIG. 18 is a block diagram of a computer system capable of implementing various aspects of the present disclosure.

DETAILED DESCRIPTION

In describing preferred embodiments of the present disclosure illustrated in the drawings, specific terminology is employed for sake of clarity. However, the present disclosure is not intended to be limited to the specific terminology so selected and it is to be understood that each specific element includes all technical equivalents which operate in a similar manner.

FIG. 18 shows an example of a computer system which may implement the method and system of the present disclosure. The system and method of the present disclosure may be implemented in the form of a software application running on a computer system, for example, a mainframe, personal computer (PC), handheld computer, server etc. The software application may be stored on a recording media locally accessible by the computer system, for example, floppy disk, compact disk, hard disk, etc., or may be remote from the computer system and accessible via a hard wired or wireless connection to a network, for example, a local area network, or the Internet.

An example of a computer system capable of implementing the present method and system is shown in FIG. 18. The computer system referred to generally as system 180 may include a central processing unit (CPU) 182, memory 184, for example, Random Access Memory (RAM), a printer interface 186, a display unit 188, a (LAN) local area network data transmission controller 190, a LAN interface 192, a network controller 194, an internal bus 196 and one or more input devices 198, for example, a keyboard, mouse etc. As shown, the system 180 may be connected to a data storage device, for example, a hard disk, 200, via a link 202.

The following summarizes some of the salient features of embodiments of the present disclosure and a few of the advantages provided thereby.

According to an embodiment of the present disclosure, a repository layer is created above users so each repository can be placed on a different server. This Repository layer includes one or more Directory nodes which collectively form the Directory pre-fix. This may also be known as ‘Domain’ or ‘Name’ of the Repository. An advantage of this is that it provides a single place to hold information about a domain. The name of this node represents the Directory prefix.

A user object may be created to hold the data representing a UDDI account. An advantage of this is that it provides a single place to hold information about a user/account.

Business Entity object(s) may be arranged under User object(s), Business Service object(s) under Business Entity object(s), and Binding Template object(s) under Business Service object(s). An advantage of this is that a repository or ‘domain’ layer above the user object layer enables a number of repositories to be posted or logically connected together. The domain layer may be arranged in a number of levels, for example having different countries, AU, US, EP, etc., organized by continent.

Another advantage is that this feature may be given effect by use of the Distribution features of an X.500 Directory. For example, to implement this, a ‘World’, or ‘Corporation’ Node is placed at the top of the virtual Directory tree, and a uniquely named Node is placed at the top of each UDDI sub-tree (UDDI Name Space). While invisible to users, these ‘Node’ prefixes allow a UDDI repository to leverage Directory distribution.

According to an embodiment of the present disclosure, the Business Entity objects can be made a child of the user object. Having a user/account over the Business Entity, Business Service and Binding Template hierarchy gives the effect of each user having their own sub-tree. This enhances manageability and security. The user is readily restricted to modifying and/or controlling only their own sub-tree. This also enhances performance by making use of Directory sub-tree search operations.

According to an embodiment, TModels defined by a user can be made children of the user object, which makes security easy to implement. This enhances manageability and security since the user can only modify and/or control their own sub-tree. It also enhances performance by making use of Directory sub-tree search operations.

An embodiment of the present disclosure represents a ‘mapping’ of the UDDI environment using X.500/LDAP Directory technology. In particular, the hierarchy structure of the X.500 and LDAP Directory technology has been found to be suitable to the UDDI environment. Careful design of additional elements (such as the user object) has made the hierarchy even more suitable to the needs of the UDDI environment.

Throughout the present disclosure, the term Directory is to include X.500, LDAP and similar technologies; the term ‘Users’ is understood to also include ‘Accounts’ and vice versa; and the term ‘Repository’ is understood to also include ‘Directory Pre-fix’, ‘Domain’ and/or ‘Node’ and vice versa.

Web Services were originally envisaged to be services between organizations, for example businesses, partners, customers, suppliers. In this context, UDDI was envisaged as a single repository for the services these organizations offer.

It is now apparent that Web Services and UDDI are useful within an enterprise to integrate applications inside an organization. It is also apparent that Web Services and UDDI can be used to integrate products inside a product set from a given vendor. It is also applicable outside the commercial environment, in areas such as government departments, large educational institutions, and many other instances of non-commercial entities.

The following description, although described with respect to an enterprise, has equal applicability to any type of environment and particular applicability to the above-mentioned types of environments.

An enterprise UDDI registry can be a service that can be deployed within the Enterprise to publish information and services for internal consumption. In addition, an Enterprise UDDI service may be leveraged to provide other functions, such as configuration discovery for distributed applications.

Web Services are being driven by the desire to quickly and easily integrate business processes, both internally and with partners. One component of using Web Services effectively is a public UDDI registry that enables software components to dynamically discover and connect to appropriate services across the Internet. Web Services also offer the promise of being able to integrate business processes within the Enterprise. In this case, the UDDI registry can become a piece of an organization's infrastructure (e.g., an important Enterprise application) and therefore provide the highest levels of security, performance, reliability and manageability. Directory technology provides an ideal foundation to support the stringent requirements of an Enterprise UDDI Registry.

An Enterprise UDDI registry can be defined as one that delivers Standards-compliant support for UDDI, but goes beyond it to address four areas for deployment. These areas include SECURITY to restrict access to authorized users only, DISTRIBUTION to support large deployments, MANAGEABILITY for a true production system and AVAILABILITY to meet service level agreements.

Strong security may be an important requirement for certain Enterprise deployments. A public UDDI registry exists for the sole purpose of helping anyone discover available services. An Enterprise UDDI registry exists for the sole purpose of having the right people discover these services. This is an important distinction.

An Internet UDDI registry is considered inappropriate for deploying Web Services in an enterprise. For example, definitions of a Web Service that interfaces to a payroll system or to an employees' benefits management application would not be posted to an Internet UDDI Registry.

Security requirements may also mean that even an internally deployed UDDI registry provides strong access controls. This is because a UDDI registry essentially presents a tutorial on what can be done and how to do it. A UDDI registry provides a business-level description of any available Web Service and directions to the WSDL that completely define the programmatic interface to those services. This provides a high-productivity tool for application developers, as well as hackers.

Accordingly, it is desirable to restrict access to interface definitions for financially sensitive or confidential (such as medical records) systems. Even within the development organization, it may be wise to restrict access to information about specific Web Services to those authorized.

Using an unsecured UDDI registry within the enterprise, or with selected business partners through an extranet, could be extremely risky. Thanks to freely downloadable tools, people with relatively low levels of expertise can gain access to and use Web Services. Any true Enterprise solution can implement a standard UDDI service with the ability to transparently control access to information about Web Services.

With regard to DISTRIBUTION, in many cases, the initial deployments of UDDI registries will be on a small scale. However, as Web Services requirements grow, large deployments will become more common. In addition, registry usage and deployments will accelerate with the discovery of new functions for UDDI registries.

Larger implementations, and use within geographically distributed organizations, will drive implementation of multiple UDDI registries within a single organization. The evolution towards distributed registries makes it critical for any individual registry to be able to interact dynamically with other registries to service their requests. Once established, inter-registry communications could be extended beyond the firewall to include registries at trusted business partners, or even with Internet UDDI registries.

There are considered to be two basic approaches to addressing the needs for inter-registry communication. One approach is REPLICATION in which the same entry namespace exists on multiple servers. Another approach is DISTRIBUTION in which interconnected servers have different entry namespaces, yet they operate as one logical service.

Although these two approaches may often be confused as being similar, they are quite different.

In a REPLICATION approach, information is duplicated in every server that may need to look it up. This is a relatively simple, even simplistic, solution, but it introduces requirements to synchronize updates, and it will, by definition, increase network congestion as the number of registries and the volume of their contents grow. Replication techniques are best suited for environments where the number of servers is low, the volume of information is low and changes are infrequent. For enterprise deployments, replication is most useful to maintain backup repositories in a fail-over environment. Keeping geographically or functionally distributed servers synchronized is very difficult using replication techniques.

In a distribution approach, information is logically represented on each participating server, but only stored in a single registry. Queries are distributed to the other registries only as required. The information returned is thus guaranteed to be current. This provides a single point of update and eliminates the problems of synchronization and bandwidth consumption inherent with replication techniques. True distribution is considered to be one answer for scalable connectivity between servers.

For an Enterprise UDDI Registry, there are two scenarios in which distribution will generally be used. The first is for organizations with geographically separated offices, each generating new UDDI entries and consuming UDDI services. While it might be possible to run a single centralized UDDI registry, bandwidth restrictions and time zone differences frequently make this difficult to the point of being unworkable.

A distributed registry provides a flexible, scalable solution. In this scenario, each participating office has a separate registry, and each registry views the others as a logical part of its own content. The registry service takes care of all the connectivity details, and customers need not be concerned with geography.

The second scenario occurs when an enterprise needs to connect its internal UDDI system to that of a trusted partner, or public Internet registry. In the case of a public registry, in particular, replication is problematic. Internet registry operators may be unwilling to replicate parts of their registry to the enterprise's internal registry. Again, a distributed approach is one answer. At present, there are no UDDI Standards for distribution and the proposals for replication are considered complex. One solution would provide the benefits of a UDDI distributed approach without requiring modifications to the standard.

With regard to manageability, as a component performing mission-critical functions within an enterprise, UDDI should meet performance and reliability requirements. It should not just exist as a convenient utility for developers. Read access by clients will be the most frequent and most time-critical usage of a UDDI registry. Performance is optimized for maximum throughput, and the response times of lookup queries should not be affected by more complex searching. Performance should not suffer as the registry grows in size and complexity. The data store underpinning the UDDI Registry should be industrial strength and fully support transactions and automatic recovery. In addition, the UDDI servers should have a high degree of availability and support features such as network fail-over and hot standby. System Administrators should have capabilities to make the UDDI registry easy to maintain, monitor and control. These capabilities include DYNAMIC CONFIGURATION to change controls, rules and settings without taking the service offline, ONLINE BACKUPS AND TUNING for high availability, ADMINISTRATIVE CONTROLS to stop “trawling” of the registry and prevent denial-of-service attacks, MONITORING via SNMP or other types of alerting mechanisms, AUDITING AND DIAGNOSTICS with separate log files for security, statistics, queries and update information and DEPLOYMENT options to support replication, distribution and routing.

Many developer-focused UDDI registries have been introduced. These provide useful capabilities for small development teams, but are not true production quality systems. Web Services deployments are growing rapidly and there is a corresponding need for an Enterprise-quality registry that can scale rapidly to support ongoing Web Service deployments.

A UDDI registry provides a service. This service will be relied on by many applications. In the case of on-line businesses, it may be important that this service be ever present. For example, a UDDI registry may be required to provide service level agreements of 99.99% availability. In order to facilitate this level of availability, the UDDI registry may be replicated across two or more machines, and mechanisms provided to make certain that the machines are kept synchronized, and that, should any of the machines become unavailable, any incoming queries are automatically routed to an available machine.

As has been pointed out, UDDI may be considered as effectively analogous to a phone directory service. As such, the Directory model of information storage is a perfect base on which to build a UDDI registry service. The Directory model has been evolved and developed for the specific needs of Directory-based services, with the security, scalability and reliability needed for enterprise level deployment.

Most of the items described above are implemented at the service level, rather than at the data storage level, in application architecture. Relational databases (RDBMS) are generic toolkits upon which many different kinds of applications can be built. RDBMS implementations concentrate on providing solid data access functionality rather than extra service functions that are required in the end application.

The Directory Service architecture shown in FIG. 3 illustrates the separation of a Service Layer 31 from the other components. Encapsulating the interface functions into a Service Layer 31 results in reusable service infrastructure components. An excellent example of this is a web server. A web server provides a collection of functions (HTTP access, CGI processing and so on) that together make up a service useful enough to build into a standalone component. In the same way, the Directory Service model has been developed to supply the functions required by a specific type of application. Directory technologies provide the underpinning for many mission-critical applications in the area of authentication and authorization.

UDDI may be viewed as analogous to another kind of Directory Service. It may then be seen that many of the implementation problems posed by UDDI can be solved by using Directory technologies. For example, Directories are optimized for extremely efficient find and search operations that are very common for UDDI phone Directory operations.

It has already been noted that a UDDI service should offer strong security, distribution and manageability capabilities if it is to be deployed successfully in the Enterprise. These are the very same attributes which have already been built into Enterprise-strength Directory Services solutions.

One way to construct an Enterprise UDDI registry is to extend the existing Directory infrastructure, which has been tried and tested in high-performance, real-world applications.

The Directory Services architecture provides the optimal vehicle to implement an Enterprise UDDI registry. This combination supports the capabilities necessary for success. The UDDI Service as illustrated schematically in FIG. 4 identifies components which may be implemented for this infrastructure. UDDI SEMANTIC BRIDGE 41 is a service component that mediates between the SOAP implementation 42 of UDDI and the LDAP interface 43 supported by Directory 44. Directory 44 delivers information access with supporting security controls, distribution mechanisms, and administration capabilities. RDBMS 45 provides the underlying physical data management, transactional integrity and backup and recovery mechanisms.

UDDI registry products may be built directly on RDBMS technology. Relational Databases, although very useful and strong in many ways, do not by themselves meet the requirements unique to Directory processing. It would be possible to build a Directory-type application from scratch, utilizing an RDBMS or other data storage system underneath. However, this may not be the most efficient approach.

An alternative approach is to apply the Directory Service model to deliver a UDDI registry and supply the functions required for this specific type of application. Even more functions required for a UDDI registry could be supplied by modern, industrial-strength Directory Services. A UDDI registry may be viewed as a Directory Service with specialized communications and APIs. Delivering UDDI services on a Directory could provide the requisite security, distribution and management capabilities without having to modify the UDDI Standards to gain the benefits.

A careful design of the data representation would be beneficial to give the functionality and performance required of a UDDI repository.

The following description refers to various UDDI concepts. A more detailed description of these UDDI concepts can be gained by reference to the UDDI specifications (http://www.uddi.org/specification.html).

A schema, in Directory parlance, is a description of the data elementsthat can be stored in the Directory, and how those elements may beconnected together. This includes descriptions of each of the possibleattributes (an attribute holds a single piece of data), descriptions ofthe various objects (an object is a collection of attributes), andspecifications of the possible object hierarchies. The particular Schemanotation used in this specification is the one used by eTrust Directory,a product of Computer Associates International Inc. ‘eTrust’ is aproduct name and trademark of Computer Associates International Inc. Ofcourse, other Schema notations my be used.

The present disclosure describes a Schema used to implement a UDDIrepository using a Directory as the data store. There are a number ofconcepts involved in this Schema. There are also a number of techniquesused to enhance the operation of the UDDI implementation. The followingis a brief description of some of these concepts. A more detaileddescription of these concepts and techniques will be described laterbelow when describing embodiments of the present disclosure.

The present Schema is designed to provide optimized operation. The present Schema design, which includes the definition of Attributes, Object Classes, Entries and the Hierarchy, is embodied in a manner that enhances operation. The present Schema design provides significant advantages in, at least, security, performance, manageability, and distribution.

The hierarchy of the system will now be described. An X.500 Directory supports distribution internally, providing a distributed UDDI repository without any coding at the UDDI level. A level divides the contents of the repository. The (optional) domain level of this schema provides that level: each domain entry, and all of the entries below it, can be placed on a separate Directory server transparently to the UDDI-level programming. FIG. 11 illustrates an embodiment of this aspect of the present disclosure. This will be described in more detail later below.

According to an embodiment of the present disclosure, a user object is placed over the business and TModel objects. The user object provides a place for the storage of information relating to the user. It also provides an anchor point for all of the data published by the user. FIG. 10 illustrates an embodiment of this aspect of the present disclosure. This will be described in more detail later below.

Security is facilitated in this domain/user hierarchical system. A UDDI implementation can enforce that a user has control over their sub-tree of data objects.

Searching for user controlled entries is provided. Searching for data controlled by this user can be enhanced by using a sub-tree search under the user object.

It is possible to find a business by specifying, for example, a TModel that occurs in a Binding Template. This equates to “finding x by finding one (or more) of its children”. In other words, a query may be “find all businesses which have a service which has a Binding Template which references this TModel”. Such queries are done by finding the DN (Distinguished Name) of the descendent object, and discarding the unwanted levels, to yield the DN of the Business Entity. It is also possible to do duplicate elimination in this manner. This find feature comes about due to the hierarchical nature of the structure of the present disclosure.

Searching may be performed using attributes unique to an object class. This is an optimization that has two advantages. This simplifies the writing of searches, and yields superior performance through the elimination of ‘weak’ clauses. A ‘weak’ clause is a part of a filter that returns a large number of entries, or which refers to an attribute that is part of many entries. A design which used the same attribute name for every Name would have two choices when searching for a Business Entity by name: include the object class in the search, or filter the results of the search. The former is only possible if business names had a unique object class, and even so, object class is a weak clause, incurring more overhead. The latter means extra code and the potential for returning a result list much larger than the desired result.

For example, consider a company called “McKenna's Testing Services” which offers a wide range of Web Services, all of which include “McKenna's” in their name—a search for business entities with “McKenna's” in their name would return intermediate results for all of the services as well. These intermediate results may be eliminated, but dealing with them reduces performance.

It is preferable to be able to specify an attribute name in a search and have that attribute name uniquely identify the object class being sought. To continue the example above, the search is much simpler if we can specify:
(euBusinessEntityName=McKenna's*)

Such a design produces strong searches, which are efficient because they are searching only the desired area. Strong searches include searches which return a small number of entries. The Directory can index the euBusinessEntityName attribute, and return results from that index—this produces good performance, and avoids handling unnecessary intermediate results.

For simple queries, such a design means that a search for a Business Entity name is a single clause, rather than the compound that might be necessary in another design. Imagine if the name attribute were called euName, and the Business Entity name object were called euBusinessEntityName. That would yield a search like:
(&(euName=McKenna's*)(oc=euBusinessEntityName))

There is an even more simple design, wherein all names are stored in the same object class. This means that the search reduces to (euName=McKenna's*) again, but now we wade through results for all names, trying to locate those which have a parent object that is a Business Entity—this last design would yield potentially poor performance, and rather more complex programming.

Shadow attributes may be used for case-sensitivity. It is far from trivial to provide both case-sensitive and case-insensitive searching using a single index. One option is to index case-insensitively, then scan the results case-sensitively. Another solution here is to index the original data case-sensitively, and to add a second attribute (in which the same data is stored) which is indexed case-insensitively. Then all that is required is to choose the appropriate attribute to search depending on the find qualifiers.

Every attribute in this design may be single-valued. This allows efficient indexing, higher performance, and stronger searches.

Using multi-valued attributes makes ambiguous searches possible. That is, it is possible to get search results which are counter-intuitive, and unintended. Imagine a multi-valued numeric attribute, called ‘n’, and an entry which contains this attribute with the values 2 and 5; this entry will be returned in response to a search (&(n<3)(n>4)), which is not something that would be readily anticipated.

Single-valued attributes are one of the techniques used for strong searches. A strong search is one which can eliminate the majority of candidate results through the index. Strong searches are a key to improved performance.

Aliases may be used for service projection. This is a significant benefit of using an X.500 Directory as the data store. A service projection can be represented neatly using an X.500 alias. This has the major advantage of guaranteeing data integrity. The alias accesses the original data, so any change to the original is instantly reflected by the alias. If the Directory implementation supports alias integrity, then when the original entry is deleted the alias vanishes without additional work.

Publisher Assertions are one of the least clearly defined elements in the UDDI Standard, and they require careful design. An inappropriate implementation could readily yield poor performance.

Because the most common use of Publisher Assertions is the find_relatedBusiness API, which is searching for all the completed Publisher Assertions relating to a specified Business Entity, it is good design to place each assertion under a Business Entity to which it refers.

By calculating the status of the assertion, and storing it in the assertion object, it is possible to restrict a search to completed Publisher Assertions. This means that the results returned will not contain spurious references that are to be removed.

Storing the relationship object as an auxiliary class allows the search to eliminate any assertion which has an unwanted relationship. If the relationship were stored as a child object, it would not be possible to write a single search that would address both the relationship and the assertion completion status.

UDDI keys may be used for naming where present. UDDI defines keys for many of the important object classes, and these keys are specified as being guaranteed to be unique. This means that the keys can be used as the naming attributes for the objects. Using the UDDI keys as the naming attributes means that there is no need to attempt resolution of naming clashes—that would be required if, for example, the default name were used as the naming attribute for a Business Entity.

Keys may be provided for naming where not present. That is, not all UDDI objects have defined keys. An example is Publisher Assertions. For these, the present system provides a key, using the same algorithm as is used for the UDDI-defined keys. This re-use of the idea means that code and structure written for the other objects can be re-used.

Where a series of UDDI objects are children of another object, and the order of the children is important (address lines, for example), the keys assigned to the child objects are arranged to be monotonically increasing in value, so that sorting on the keys yields the desired order. This simplifies the process of ensuring the desired order.

Where practical, it is desirable that keys vary in a little-endian manner. That is, the leftmost byte of the key varies most rapidly, because that yields the best performance of indexing in the X.500 Directory being used as the data store.

The UDDI Standards define a number of sub-structures inside some of the main object types. In many cases these sub-structures are optional, and may be repeated (they may occur zero, one, or more than one times in the same object). A simple example is the name sub-structure, containing a string (the name) and a language identifier. The X.500 schema definition does not support the use of structured attributes, so there is no immediately clear mapping of sub-structures. There are a few ways in which these sub-structures can be implemented in an X.500 schema.

One way is to concatenate the components of the sub-structure into a single attribute, using a separator of some kind to divide the various elements. This may not be the optimum design choice, because it loses the ability to index or search the components separately, and it adds processing complications to handling the data.

In the present system, the particular design used to represent sub-structures is chosen to maximise performance and manageability. The design disclosed may use one or more of a variety of techniques to represent sub-structures in a Directory. These techniques can be summarized in 3 categories.

One technique is that many of the sub-structures can be handled as child objects. Names are a good example: the Business Entity names are stored as children of the Business Entity. Another example is descriptions, where a separate Business Description object is a child of Business Entity objects. FIG. 15 provides an illustration of an embodiment of this aspect of the present disclosure and will be described in more detail below.

Another technique is flattening/merging. In cases where there may be at most one relationship to another object, the attributes may be combined into a single object. In this case, the hierarchy is said to be flattened because two objects have been combined into one object. A new object is said to be merged because the new object contains a combination of attributes from the combining objects. Preferably, the contents of the Relationship Object are promoted to the Parent Object.

For example, FIG. 16 illustrates schematically a representation of a UDDI relationship diagram. FIG. 17 illustrates schematically a Directory Hierarchy diagram where the Directory hierarchy has been formed by a flattening of the UDDI objects.

By way of explanation, FIG. 16 illustrates Object 161 having a relationship Object 162 to Object 163.

In accordance with an embodiment of the present disclosure, where there is a one-to-one relationship, a ‘child’ can be promoted. In other words, that part of the hierarchy can be collapsed or flattened and objects merged. The result is illustrated schematically in FIG. 17. The Parent Object 171 has contents A1, A2, An and has one or more children, Child Object 9n, with contents B1, B2, Bn, C1, C2 and Cn.

Another technique is splitting. For example, in one particular case (the OverviewDoc sub-structure), a sub-structure contains an unrepeated element and a repeated element. The unrepeated element (OverviewURL) can be moved into the parent, while the repeated element can be made a child object.

Another aspect of the present disclosure is management. Deleting a TModel hides it from find_TModel but does not remove it from the repository. Accordingly, to implement the correct handling of TModels, a hidden flag may be implemented. The presence of this flag indicates that a TModel (or user object) is hidden. The absence of the flag indicates that it is not. This will be the case for the vast majority of TModels, so this approach is efficient. No space is occupied in unhidden objects, and no indexing is used either. The Directory will index only those entries which do have the hidden attribute. This also means that the search for unhidden TModels will be fast and efficient.

The X.500 Directory used as a data store encourages a design which does not store empty values. For example, an (optional) value which is absent from the object is not stored in the Directory. This makes efficient use of storage space, and makes for stronger searches. Any search on an attribute need only consider those objects which have data for that attribute.

The data hierarchy of the present system matches well with the intent of the UDDI Standard. When a request arrives to delete a UDDI object, it maps directly to the deletion of a sub-tree in the Directory. For example, deleting a service includes deleting its names and descriptions, and all of its Binding Templates. All of these are children of the service entry in the Directory. Accordingly, the present system deletes the sub-tree from the service entry on down. This is readily implemented, and efficient.

A domain is a name representing the base of a hierarchical sub-tree. In X.500 terminology a domain is known as a context prefix. In LDAP terminology it is known as a suffix. Giving UDDI repositories a domain name allows use of true distribution (in the X.500 sense) of the data in the repository. The UDDI Standard only supports replication. By having the domain nodes, the present system can use Directory distribution facilities transparently to the application.

For example, assume that an Enterprise deploys UDDI internally, but has two development sites. With this facility, they can deploy a UDDI server at each site, with distribution allowing each site to transparently view items published on both registries.

An advantage of this is that it allows distribution ‘for free’. For example, the UDDI server does not have to do any extra work and the Directory system effectively links together islands of information.

Nothing in the UDDI Standards dictates how the user information is stored. By creating user objects, all of the information relating to a user can be stored in a single object, and that object can be used as the root of the sub-tree holding all of the objects that the user publishes. This makes the definition of security much simpler. For example, if the object under consideration (be it business, service, or even TModel) is underneath the user's user object, then the user controls it.

UDDI defines objects that contain repeating elements. For benefits such as performance, searchability and manageability these repeating elements can be represented as child objects.

Storing repeating structured data as child objects allows representation of the data efficiently in a Directory, with each field individually available (and indexed) for searching.

For example, Business Entity names can be stored as children of the Business Entity object. Another example is Business Description which can be stored as children below Business Entity objects.

An advantage of this type of system is that it allows searching for a name (which is a common UDDI search), and the DN of the entry gives the DN of the object to which the name belongs.

UDDI defines redundant ‘container’ nodes (UDDI structures which contain only child sub-structures, rather than attributes). These can be removed because they can be constructed at relatively low cost from the results of a query. In some cases, attributes can be promoted from a child node to its parent, to remove the now-redundant child-node from the Directory representation.

For example, tModelInstanceDetails is not represented in the Directory schema as it contains no attributes. instanceDetails is not represented in the Directory schema as its attributes were promoted into the tModelInstanceInfo parent, as were the attributes of its child, overviewDoc. The category and identifier bags are not represented in the Directory; their contents are made children of the owner of the bag.

An advantage of this is that it reduces the number of entries in the Directory. In particular, it minimizes the depth of the DIT, which can improve performance.

FIG. 12 illustrates schematically a hierarchy structure according to an embodiment of the present disclosure. One or more Domain or Prefix 121 are provided. Under each Domain 121, there may be one or more Users 122. Under each User 122, there may be provided one or more TModel 123 and one or more Business Entity (BE) 124. Under each Business Entity 124, there may be provided one or more Publisher Assertion (PA) 125, one or more Business Service (BS) 126 and one or more Service Projection (SP) 127. Under each Business Service (BS) 126, there may be provided one or more Binding Template (BT) 128. Aliases can be placed as required by a particular implementation. For example, Service Projection object(s) (shown as a triangle in FIG. 12) may stem as an alias from Business Entity object(s).

The advantages of this schema design as represented in FIG. 12 will become apparent from a reading of the present disclosure as a whole.

Publisher Assertions are placed under the business entities to which they refer because they are most frequently used in the context of a find_RelatedBusinesses call, which specifies a business key and is looking for all the businesses related to that one via Publisher Assertions. The present system locates the specified business, then reads all the Publisher Assertions underneath it (that are complete). This is a quick and efficient way of locating the relevant assertions.

An advantage of this is that it allows fast and efficient searches. It also allows easy maintenance of data integrity. For example, when a business is deleted, any Publisher Assertions are automatically deleted too.

TModels can be changed (or retired/hidden) by the user who published them. Placing them under the entry representing the user makes the security simple. For example, if the TModel lies in the sub-tree under the user entry, then it can be modified. If not, then it can not.

In more detail, if the DN (Distinguished Name) of the user trying to make the change matches a prefix of the DN of the TModel, the entry can be modified by that user, otherwise it can not. The Directory can be used to make this determination (Naming exception if the DN doesn't exist), or the UDDI server can do it.

When an object is deleted from the repository, the information associated with that object may also be deleted. This is greatly simplified by the hierarchical design used according to embodiments of the present schema. When the object is deleted, the entire sub-tree of which it is the root can be deleted, and this process can delete all (and generally only) the associated information. Deleting a sub-tree can be performed bottom-up. Each entry can only be deleted when all its children are deleted. This is managed by listing all the children in reverse DN order. This guarantees deletion of the children before their parents.

An advantage of this is that a sorted list method is an alternative to the more complex use of recursion. Further, it is relatively simple and memory-efficient. When all the entries in the subtree are sorted by DN, and deletes are executed in reverse order, this guarantees that all children will be deleted before their parent.

For example, when a business service is deleted, the system deletes all the Binding Templates associated with it, their TModel instance information, and the various associated category information. All this can be deleted by deleting the sub-tree of which the business service is the root.

Due to the hierarchy used in the design of this schema, the DN of an object reveals the chain of ownership and control for an object. Note that inference is also dependent on careful choice of naming attributes.

An advantage of this is that it can reduce the number of searches or reads used to gather information. For instance, with search results which are child objects (such as names), the DN of each entry reveals the parent (e.g. the BusinessEntity) and the owning account.

For example, the DN of a business service reveals the business to which it belongs, and the user who controls it.

Directories do not guarantee any ordering of the result. When dealing with a complex result (such as a Business Entity and its business services, together with their appropriate names and descriptions), the construction of the output can be simplified by taking the results of the search and sorting them by DN. This organizes them so that the construction of the results becomes relatively simple. Each object is constructed before its children, so it is easy to place the children under their parent, so that the result for a business is organized before its services. All the children of an object appear before the next object of the same type, all of the services for one business before the next business appears. This also allows simple recursive construction, because the same thing applies at each level.

An advantage of this is that it minimizes the number of passes through a list of raw entries required to construct the UDDI structures.

For example, after sorting, the result for a business, A, is followed by a result for its first service, AA, that service's name, then A's second service, AB, and its names, then a second business, B.

A search can also be carried out on children. For example, a frequent search request may be “finding x by finding one (or more) of its children”. One of the ways a business can be found by a search is by specifying, for example, a TModel that occurs in a binding template. In other words, the query is “find all businesses which have a service which has a binding template which references this TModel”. These queries can be done by finding the DN of the descendent object, and chopping off the unwanted levels to yield the DN of the business entity. Advantageously, this also eliminates duplication. This search method comes about, in part, due to the hierarchy structure of embodiments of the present disclosure.
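The DN-based operations described above (the ownership check, sub-tree deletion in reverse DN order, DN-sorted result construction, and finding a business from a matching descendant) can be sketched as follows; this is an added example, not code from the disclosure. The naming attributes (euUserKey, euBusinessEntityKey, euBusinessServiceKey, euBindingTemplateKey), the o=example domain and every sample DN are hypothetical, and RDNs are assumed to be single-valued and matched case-insensitively.

```python
import re


def parse_dn(dn):
    """Parse an LDAP-style DN string into a root-first tuple of (type, value).

    Assumptions: single-valued RDNs, case-insensitive matching, and commas
    inside values escaped with a backslash.
    """
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]
    rdns = []
    for part in reversed(parts):  # LDAP strings are leaf-first; store root-first
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)


def format_dn(rdns):
    """Turn a root-first RDN tuple back into a leaf-first DN string."""
    return ",".join("%s=%s" % rdn for rdn in reversed(rdns))


def controls(user_dn, entry_dn):
    """True if entry_dn lies strictly below user_dn.

    Whole RDNs are compared after normalisation, so differences in spacing or
    case do not change the decision and partial string matches cannot occur.
    """
    user, entry = parse_dn(user_dn), parse_dn(entry_dn)
    return len(entry) > len(user) and entry[:len(user)] == user


def construction_order(dns):
    """Sort by DN, root-first: every parent precedes all of its descendants."""
    return sorted(dns, key=parse_dn)


def deletion_order(dns):
    """Reverse DN order: every child is listed before its parent."""
    return sorted(dns, key=parse_dn, reverse=True)


def owning_ancestors(match_dns, attr_type):
    """Chop each matching descendant DN back to the ancestor named by
    attr_type, dropping duplicates while keeping first-seen order."""
    wanted = attr_type.lower()
    found = []
    for dn in match_dns:
        rdns = parse_dn(dn)
        for depth, (attr, _value) in enumerate(rdns):
            if attr == wanted:
                ancestor = format_dn(rdns[:depth + 1])
                if ancestor not in found:
                    found.append(ancestor)
                break
    return found


# Constructed sample hierarchy (hypothetical names, not from the disclosure).
USER = "euUserKey=u1,o=example"
BIZ1 = "euBusinessEntityKey=b1," + USER
SVC1 = "euBusinessServiceKey=s1," + BIZ1
BT1 = "euBindingTemplateKey=t1," + SVC1
SVC2 = "euBusinessServiceKey=s2," + BIZ1
BT2 = "euBindingTemplateKey=t2," + SVC2
BIZ2 = "euBusinessEntityKey=b2," + USER
BT3 = "euBindingTemplateKey=t3,euBusinessServiceKey=s3," + BIZ2

if __name__ == "__main__":
    print(controls("euUserKey=U1, o=Example", BT1))
    print(deletion_order([BIZ1, SVC1, BT1, SVC2, BT2]))
    print(owning_ancestors([BT1, BT2, BT3], "euBusinessEntityKey"))
```

Sorting the raw leaf-first strings would not give these orderings; the comparison has to run from the root downwards, which is why the sort key is the parsed, root-first tuple.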

The use of guaranteed unique keys simplifies matters. The entire repository can be searched for a single key, and uniqueness will assure that there will either be no result (if that key is not present), or one result (if it is present). There is no need to be cautious about limiting searches within the range of a parent. This yields enhanced performance from the Directory, because it can use database indexes to their optimum.

An advantage of this is that it makes use of the fastest type of Directory queries. Another advantage is that the guaranteed unique names may be important if a given object is referenced from another.

A property of most indexing systems is that they are data dependent. If the data is “little endian” (the leftmost portion changes most rapidly) that data tends to be spread and so the indexes can give maximum performance. Conversely, if the data is repetitious, the indexes may not be very effective. A UUID (Universally Unique Identifier) algorithm can be used which exhibits “little endian” qualities. An advantage of this is that it maximises Directory performance.

Keys may be added to derived objects. Where a repeating data element is made into a child object, there is a need to add a naming attribute, which will form the last arc of its DN. In a Directory, the naming attribute is different from its siblings, since no two children of the same parent can have the same name.

Two kinds of keys may be used. For child objects which do not require order, UUIDs are used because these are guaranteed to be unique. Where order is important, keys with a monotonically increasing property are used to guarantee order.

In the UDDI Standard, a Business Entity can offer two kinds of services: those which it controls (represented in the repository by child objects), and those which it offers an interface to, despite the fact that they are provided by another Business Entity. The latter are represented in the disclosed UDDI repository by aliases. An alias provides exactly the right features. For example, if the original object (service) is altered in some way by its owner (perhaps another Binding Template is added), then the object referenced via the alias “changes” too. Moreover, any search under the Business Entity for a service will yield both real and aliased services.

For example, aliases can be used for Service Projection, where a Business can point to a Service defined under another Business.

An advantage of this is that leveraging aliases allows functionality that basically involves “an alternative name” to be automatically provided. Furthermore, if the Directory supports alias integrity, then if the original Service is deleted, any projections are automatically removed.

In the UDDI Standard there are a number of places in which we do not wish to have direct reference to another object, but rather an intermediate step—such as in the case of TModel instance information, or the references to business entities in a Publisher Assertion. In these cases, an alias would complicate the code. Accordingly, the present system may instead use a reference to the object. Because the present system, according to an embodiment, guarantees that every object has a unique key, that key behaves exactly as a reference, sometimes known as a “foreign” key.

Attribute grouping can be performed using auxiliary object class. In handling Publisher Assertions there is a need for an ability to locate a Publisher Assertion using those three attributes which uniquely identify the Publisher Assertion: the two Business Entity keys, and the relationship between them. However, the relationship is specified as a keyed reference, which is itself three different attributes: TModel key, key name, and key value. One way is to store this relationship as a child object of the Publisher Assertion. However, this may not allow the most efficient search for a specific Publisher Assertion. By making the relationship keyed reference an auxiliary class to the Publisher Assertion entry it is possible to search for all five attributes in a single search, and thus isolate exactly the Publisher Assertion objects required.

One design of this schema may use normal object-oriented design techniques, and yield, for example, all keyed references having the same attribute names. However, this design may make it more difficult and expensive to isolate, for example, a Business Entity category keyed reference, and to avoid confusing it with a TModel category keyed reference. It may also make it necessary to include object class terms in the filter and such terms are weak (highly repetitious in the repository).

Giving, for example, every different kind of keyed reference a different object class and different attribute names, means that any search for a particular attribute name necessarily implies the object class. It also means that the Directory server can construct an index that only has entries in it for the specific kind of entry desired. Such an index will be smaller and consequently faster.

For example, a search like: “euBusinessEntityName=Smith*” will consult the index for euBusinessEntityName, and so cannot be confused by an entry containing Smith in an attribute called euTModelName.

There may well be a call for tools outside the scope of the UDDI Standard. Such tools may need to provide means of access beyond those specified in the UDDI Standard. To allow for such tools, this present disclosure defines abstract classes which bind all the object classes that represent a single UDDI concept. This allows the definition of searches which can look at, for example, all names, or all keyed references.

For example, there is an abstract class euName which is the superclass of all the Name-type object classes, including euBusinessEntityName and euTModelName.

The UDDI Standard specifies that it be possible to search, for example, names in both case-sensitive and case-insensitive ways. This can be handled by indexing case-insensitively, and then retrieving the entries and checking them case-sensitively, but such an approach costs performance. It is preferable in these cases to define a shadow field which contains the same data, but is indexed differently. Similarly, shadow attributes can be used for variations in language, e.g. diacritical marks.

For example, the euBusinessEntityName object class contains two copies of each name. The first version is indexed case-insensitively, while the second is indexed case-sensitively. This allows the construction of a search filter which performs optimally no matter which behaviour is requested.

Every attribute (except object class) in this repository may be single-valued. This makes it possible for the Directory to construct more efficient indexes, and provide better performance in searching.

This also removes the possibility of false positive results in searching. For example, consider a search that looks for names which begin with “Fr”, and end with “nk”. One might expect this to yield (valid) entries with names like “Frank”. If, however, name is made a multi-valued attribute, one may well get an invalid entry with two names like “Fred” and “Tink”, because this one entry matches both criteria specified. By using single-valued names, each of which is a child object of the entry, the spurious matching of “Fred” and “Tink” is eliminated.
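The false positives described above, for both the “Fred”/“Tink” case and the earlier (&(n<3)(n>4)) case, can be reproduced with a small filter evaluator in which a clause is satisfied when any value of the attribute satisfies it. This is an added example, not code from the disclosure; the entry names and the attribute name "name" are constructed for illustration.

```python
def clause_matches(entry, attr, predicate):
    """A filter clause holds if ANY value of the attribute satisfies it."""
    return any(predicate(value) for value in entry.get(attr, ()))


def search(entries, clauses):
    """Return the DNs of entries for which every clause of an AND filter holds."""
    return sorted(dn for dn, entry in entries.items()
                  if all(clause_matches(entry, attr, pred)
                         for attr, pred in clauses))


def parents(dns):
    """Drop the leaf RDN of each DN and de-duplicate the parent DNs."""
    return sorted({dn.split(",", 1)[1] for dn in dns})


# Filter: name begins with "Fr" AND name ends with "nk".
FR_NK = [("name", lambda v: v.startswith("Fr")),
         ("name", lambda v: v.endswith("nk"))]

# Constructed data, design 1: names held as a multi-valued attribute.
MULTI_VALUED = {
    "biz=1": {"name": ["Frank"]},
    "biz=2": {"name": ["Fred", "Tink"]},
}

# Constructed data, design 2: each name is a single-valued child entry.
SINGLE_VALUED = {
    "name=1,biz=1": {"name": ["Frank"]},
    "name=1,biz=2": {"name": ["Fred"]},
    "name=2,biz=2": {"name": ["Tink"]},
}


def multi_valued_hits():
    # biz=2 matches because "Fred" satisfies one clause and "Tink" the other.
    return search(MULTI_VALUED, FR_NK)


def single_valued_hits():
    # Each clause must hold for the same single value, so only Frank matches.
    return parents(search(SINGLE_VALUED, FR_NK))


def numeric_hits():
    # The entry with n = {2, 5} satisfies (&(n<3)(n>4)).
    return search({"e=1": {"n": [2, 5]}},
                  [("n", lambda v: v < 3), ("n", lambda v: v > 4)])


if __name__ == "__main__":
    print(multi_valued_hits(), single_valued_hits(), numeric_hits())
```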

Operational attributes are special attributes that are managed by the UDDI application, but which are not seen by the user.

In the storage of UDDI data, it should be possible to have a way to distinguish TModels which are in-use from those which have been “retired”. When a TModel is deleted, it may well still be used by many entries, so it cannot be truly deleted. Instead it is hidden, which means that it will not be returned as part of the results of a find_TModel call, but it can still be queried via a get_TModelDetail call. This is implemented by use of an attribute called euHidden, which is added to those TModels which are hidden. It may be beneficial and efficient to add a search step which eliminates any entry containing the euHidden attribute to any filter searching for TModels.

In Directory implementations it is considered generally very inefficient to have an attribute which is predominantly one value. For example, having a hidden attribute which is set to FALSE for 99% of the entries would produce poor performance—the index would be pretty much unusable.

What is considered much more effective is to have the majority of entries stored without the hidden attribute, and only add the attribute to those entries which are to be hidden. This has the additional benefit of not requiring the storage space to hold all those “FALSE” values. Now the filter for finding all those TModels which are not hidden becomes “(!(euTModel=*))”—which is a negation of an existence test, and existence tests are rapid, especially when the attribute only exists on a small fraction of the entries.

An embodiment of the present disclosure will now be described for resolving the implementation and UDDI Standard's issues in the context of a Directory. There are a number of elements to an X.500 schema. These elements include Attribute definitions, Object Class definitions and Name Binding definitions. An Attribute definition specifies a single data element, giving it a unique identifier (an OID), a name, and a data type. An Object Class definition specifies a collection of attributes which is manipulated as a whole. It gives a unique identifier (an OID), a name, and a list of attributes; the attributes may be required or optional. A Name Binding specifies part of a possible hierarchy. The Name Binding specifies one object class which may be stored under another, and specifies the attribute (or attributes) of the child that names the child object in this context.

There are a number of find qualifiers which impose additional design requirements. One find qualifier is case sensitivity for providing the ability to search for text data in both case-sensitive and case-insensitive manner efficiently. According to an embodiment of the present disclosure, case sensitivity can be resolved by providing additional fields in the objects, indexed differently.

According to this embodiment, the textual data is stored twice, in an attribute of type caseExactString, and in an attribute of type caseIgnoreString. The find qualifier then determines which of the fields is searched, resulting in maximum performance.

For example, if a Business Entity has a name like “McKenna's Iron Foundry Services”, then that string will be stored twice, once in a field that is indexed case-sensitively, and once in a field that is indexed case-insensitively—the stored data is the same, but the indices generated by the underlying Directory are different.

Another issue involves implementing service projections efficiently. According to an embodiment of the present disclosure, this can be solved using the X.500 alias facility. There are a number of ways in which service projections may be handled. This embodiment of the present disclosure handles them by way of Directory aliases. This is a particularly efficient way to implement them. It guarantees consistency of the projection with the base service, because the base service is accessed directly through the alias. It also guarantees that the projection will vanish the moment the base service is deleted, thus ensuring consistency.

For example, if a Business Entity called Williams Accounting Services publishes a Web Service called General Ledger Cross-Check, and it is desired to offer this same service under a second Business Entity called Williams Auditing Services, then this can be achieved by placing an alias entry under the second Business Entity. An inquirer enumerating the services offered by Williams Auditing Services will find the General Ledger Cross-Check service, just as it will find any services offered directly by Williams Auditing Services.

Another issue involves implementing keys efficiently. According to an embodiment of the present disclosure, this is resolved using UUIDs for external keys, and keys where order is unimportant. Sequential numbers may be used where order is important. Although keys are represented as strings, they are not truly text data. They are compared without sensitivity to case or diacritic marks.

Externally-visible keys follow one set of rules. When implementing a repository compliant with Version 2 of the UDDI specification they hold UUIDs, compliant to ISO-11578. When implementing a repository to Version 3 of the UDDI specification they hold key strings following the rules laid out in that version of the specification.

Note that keys used internally to link elements together follow another set of rules. Those where order is unimportant use UUIDs. Where order is important, sequential numbers are used.

For example, a keyed reference that represents an element of a category bag for a Business Entity called Williams Auditing Services, might reference a TModel with a key of 12345678-1234-1234-1234-1234567890ab (UDDI v2). The order of the keyed references in a category bag is unimportant, but the keyed reference requires a key to function as a naming attribute of the object. Thus we might generate a UUID key for this object, something like 87654321-4321-4321-4321-ba0123456789, and use that as the naming attribute in the Directory for this object.

Another issue is that data may be organized into domains if X.500 distribution is desired. This is resolved according to an embodiment of the present disclosure by creating a repository layer above users so each repository can be placed on a different server.

The UDDI Standard does not allow for the name space to be distributed. This means that multiple UDDI registries can co-operate with each other by replication or by transparently having the backend data store managing the distributed name spaces.

Distributed name spaces can be facilitated by each repository having a naming pre-fix. This pre-fix is a set of nodes that define a Domain. These nodes can be considered a repository layer above each UDDI registry. These nodes are placed above the user level.

FIG. 11 illustrates an example of such a node, called “Domain” 110. Domain 110 is the Directory pre-fix and may include one or more nodes up to the root. Below the Domain 110, this example illustrates the arrangement of a number of users 112, 113 and 114, for example. The number of Users arranged under a Domain 110 may vary according to the particular configuration and/or use of the present system. There may also be a number of domains arranged depending on the particular configuration and/or use of the present system. In the example below they are referred to as repository objects, suggesting that they represent separate physical repositories. Of course, this may not necessarily be the case, depending on the configuration and/or use of the present system.

The repository object requires a naming attribute, but that is all.

    set object-class uddiObjectClass:400 = {
        # repository - may be used to break users into groups
        name = euRepository
        subclass-of top
        must-contain
            euRepositoryName
    };

Distribution is an important concept in large-scale Directory deployment, as it allows for data to be shared by multiple nodes without the massive bandwidth overhead and synchronization problems of replication.

In one embodiment, ‘etrust’ UDDI supports distribution using the capabilities of the underlying eTrust Directory server, and in order for this to work the schema has been structured accordingly, with allowance for a virtual ‘Domain’ node(s) at the top of the tree hierarchy and unique Node identifiers or names at the top of each Node sub-tree (see UDDI schema description below).

Furthermore, an eTrust UDDI server can be made ‘distribution-aware’ through configuration. Two separate Directory prefixes can be specified—one for searching and reading, and another for Adding entries. To deploy a distributed server, the underlying eTrust Directory server agents are configured for distribution as per the eTrust Directory Admin Guide. Each separate eTrust UDDI node is configured with a unique Node name. The Search/Read prefix for each node is set to the ‘World’ or ‘Corporation’ node name. The Add prefix for each node is set to the unique name of that Node.

In this way, each Node adds entries to its own Directory repository, but searches for entries across all Nodes via the distribution features of the X500 Directory.

An example of a repository object might be:

    euRepositoryName=Melbourne

Another issue involves organizing the data which is held about the user. This can be resolved by creating a user object to hold the data.

Although there is no user object specified in the UDDI specification, such an object can be utilized according to an embodiment of the present disclosure. For example, a user object can be, among other things, a storage point for user credentials, and an anchor point for publishing.

FIG. 10 illustrates an example of such an arrangement, called ‘User’ 101. Below the user 101, this example illustrates the arrangement of other object(s), such as Business Entity object(s) 102, Business Service object(s) 103 and Binding Template object(s) 104. The number of Business Entity object(s) arranged under a user 101 may vary according to the particular configuration and/or use of the present system. There may also be a number of users arranged depending on the particular configuration and/or use of the present system.

The data elements held in the user object include the user key (used to provide a unique name for this user account), the user name, and the credentials (may be as simple as a password, or as complex as a PKI certificate). It may also contain an authorized name (identifying the person or role authorized to operate the user account). It may also contain a hidden flag used in handling the deletion of user accounts without losing any TModels defined by the user.

    set object-class uddiObjectClass:401 = {
        # user account
        name = euUserAccount
        subclass-of top
        must-contain
            euUserKey,
            euUserName,
            euCredentials
        may-contain
            euAuthorizedName,
            euHidden
    };

An example of a user account object might be:

    euUserKey=23456789-2345-2345-2345-234567890abc
    euUserName=Grace
    euCredentials=Amazing76sQ

(it is assumed in this example, that a simple userid and password system has been implemented)

Another issue involves representing the data concerning a Business Entity (an object class described in the UDDI Standard), in an efficient way. This is resolved according to an embodiment of the present disclosure by representing unique fields as attributes of the object, and repeating elements as children.

The Business Entity object is a fundamental component of the UDDI Standard. Its content is defined by the standard, but many of its elements are repeating complex objects, which are not supported by X.500 schema. Such elements are represented by a hierarchical arrangement.

The only required element in a Business Entity is the business key. Optional elements include an authorized name, an operator, and a user key (this last will be present in a Business Entity published by a normal user).

    set object-class uddiObjectClass:402 = {
        # Business Entity - details of an entity which provides services
        name = euBusinessEntity
        subclass-of top
        must-contain
            euBusinessEntityKey
        may-contain
            euParentUserKey,
            euAuthorizedName,
    };

The possible child objects of a Business Entity are: Name (an object containing the name string and language code, keyed for ordering); Description (an object containing the description string and language code, keyed for ordering); Contact (a complex object—described later below); Discovery URL (an object containing the URL string and use-type, keyed); Keyed References which are marked as category or identifier information through choice of object class; and Business Services (described below).

An example of a Business Entity object might be:

    euBusinessEntityKey = 34567890-3456-3456-3456-34567890abcd
    euParentUserKey = 23456789-2345-2345-2345-234567890abc

Note that most of the apparent content of the Business Entity object is actually stored in objects that are direct children of the Business Entity object.

FIG. 15 illustrates an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a Business Entity. In FIG. 15, the multi-valued elements:

    For child 152: Language en, Name CA
    For child 153: Language IN, Name CATS

are represented as children 152, 153 of the Business Entity 151. There may be none or more children.

Another issue to be resolved is representing the data concerning a Business Service (an object class described in the UDDI Standard), in an efficient way.

This can be resolved according to an embodiment of the present disclosure by representing unique fields as attributes of the object, and repeating elements as children.

The Business Service can be implemented in at least two ways. A first is that the Business Service represents a single conceptual service provided by the Business Entity, available through one or more access routes, each of which was represented by a Binding Template. A second is that the Business Service is a grouping mechanism for services, with the breakdown into individual services taking place at the Binding Template level. In either case, the data fields are defined in the UDDI specification.

The elements of a Business Service are the business and service keys. The business key specifies the Business Entity which owns the service. This is not necessarily the Business Entity under which it is discovered. A single service can be found under several business entities, by way of service projections. The service key is the unique identifier of the service throughout the UDDI repository. Both keys are represented as strings.

    set object-class uddiObjectClass:403 = {
        # business
        name = euBusinessService
        subclass-of top
        must-contain
            euBusinessServiceKey,
            euParentBusinessKey
    };

There is no optional content of the Business Service object. All other content consists of potentially repeating elements, and so is represented as child objects. The potential child objects of a Business Service are: Binding Templates (see below); Name (an object containing a name string and a language code, keyed for ordering); Description (an object containing the description string and language code, keyed for ordering); and Keyed References marked as category information.

For example, a Business Service object might be:

    euBusinessServiceKey=4567890a-4567-4567-4567-4567890abcde
    euParentBusinessKey=34567890-3456-3456-3456-34567890abcd

Note that most of the apparent content of the Business Service object is actually stored in objects that are direct children of the Business Service object.

Although FIG. 15 illustrates an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a Business Entity, it is equally illustrative of an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a Business Service. The Business Entity 151 of FIG. 15 is equally applicable to a Business Service, with the multi-valued elements of the Business Service represented as children 152, 153 of the Business Service 151. There may be none or more children.

Yet another issue involves representing the data concerning a Binding Template (an object class described in the UDDI Standard), in an efficient way. This is resolved according to an embodiment of the present disclosure by representing unique fields as attributes of the object, and repeating elements as children.

The Binding Template represents a way in which a particular service may be accessed. The only required elements of a Binding Template are its key and the key of the service to which it applies. Optional elements may include an access point or hosting redirector (the object should have exactly one of these). If an access point is present, then the access point type should also be present.

    set object-class uddiObjectClass:404 = {
        # binding template
        name = euBindingTemplate
        subclass-of top
        must-contain
            euBindingTemplateKey
        may-contain
            euParentServiceKey,
            euHostingRedirector,
            euAccessPoint,
            euAccessPointType
    };

The possible child objects of a Binding Template are: TModel Instance Info (see below); and Description (an object containing the description string and language code, keyed for ordering).

An example of a Binding Template might be:

    euBindingTemplateKey=567890ab-5678-5678-5678-567890abcdef
    euParentServiceKey=4567890a-4567-4567-4567-4567890abcde
    euAccessPoint=http://www.rsps.com.au/wsep
    euAccessPointType=http

Again, although FIG. 15 illustrates an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a Business Entity, it is equally illustrative of an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a Binding Template. The Business Entity 151 of FIG. 15 is equally applicable to a Binding Template, with the multi-valued elements of the Binding Template represented as children 152, 153 of the Binding Template 151. There may be none or more children.

Another issue involves representing the data concerning a TModel (an object class described in the UDDI Standard), in an efficient way. According to an embodiment of the present disclosure, this can be resolved by representing unique fields as attributes of the object, and repeating elements as children.

A TModel represents an idea. That idea might be, for example, a categorization system, requiring the specification of values which may be validated. Or it may be a specification of a data communication protocol. TModels are a flexible and powerful concept, and central to the ability of UDDI to represent complex data in a way that can be accurately queried.

The only required elements of the TModel object are a TModel key and a name. These are represented as strings.

The optional elements of a TModel object are an authorised name, an overview URL (part of an Overview Doc object), a user key, and a hidden flag.

A hidden flag is an element of the handling of the TModel. The hidden flag is how the deleteTModel call is handled. When a TModel is “deleted” the hidden flag is added to the object. This means that the object will not be returned to a findTModel call, but will be accessible to getTModel calls.

    set object-class uddiObjectClass:405 = {
        # tmodel - a reference to an idea.
        name = euTModel
        subclass-of top
        must-contain
            euTModelKey,
            euTModelName
        may-contain
            euAuthorizedName,
            euOperator,
            euOverviewURL,
            euParentUserKey,
            euHidden
    };

The possible child objects are: Description (an object containing the description string and language code, keyed for ordering); Keyed References marked as category or identifier information; and Overview Doc Description (an object containing the description string and language code, keyed for ordering).

An example of a TModel could be:

    euTModelKey=uuid:67890abc-6789-6789-6789-67890abcdef1
    euTModelName=Corporate QA Policy
    euOverviewURL=http://www.rsps.com.au/policy/ga.html
    euParentUserKey=23456789-2345-2345-2345-234567890abc

Again, although FIG. 15 illustrates an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a Business Entity, it is equally illustrative of an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present application for the representation of a relatively complex object in a TModel. The Business Entity 151 of FIG. 15 is equally applicable to a TModel, with the multi-valued elements of the TModel represented as children 152, 153 of the TModel 151. There may be none or more children.

Another issue involves representing the data concerning a Publisher Assertion (an object class described in the UDDI Standard), in an efficient way.

According to an embodiment of the present disclosure, this can be resolved by representing unique fields as attributes of the object, and using an auxiliary class for the required relationship keyed reference.

A Publisher Assertion is an object representing a relationship between two business entities.

The required elements of a Publisher Assertion are its key, the to and from business and user keys, the status, and the relationship. The relationship is specified as a keyed reference, and stored as an auxiliary class to the Publisher Assertion entry. The status is stored as a string, but draws its possible values from the Completion Status object. All the keys are represented as strings.

    set object-class uddiObjectClass:406 = {
        # publisher assertion - a relationship between two businesses
        name = euPublisherAssertion
        subclass-of top
        must-contain
            euPublisherAssertionKey,
            euFromBusinessKey,
            euFromUserKey,
            euToBusinessKey,
            euToUserKey,
            euPublisherAssertionStatus
    };

There is no optional content in a Publisher Assertion, and there are no child objects.

An example of a Publisher Assertion might be:

    euPublisherAssertionKey=7890abcd-7890-7890-7890-7890abcdef12
    euFromBusinessKey=34567890-3456-3456-3456-34567890abcd
    euFromUserKey=23456789-2345-2345-2345-234567890abc
    euToBusinessKey=09876543-6543-6543-6543-dcba09876543
    euToUserKey=98765432-5432-5432-5432-cba098765432
    euPublisherAssertionStatus=status:complete

Note that there will be an auxiliary class associated with this entry; it will be of object class euPublisherAssertionRelationshipKeyedReference, and will specify the relationship that is being asserted between the two business entities named. An example might be:

    euPublisherAssertionTModel=uuid:807A2C6A-EE22-470D-ADC7-E0424A337C03
    euPublisherAssertionKeyName=wholly-owned subsidiary
    euPublisherAssertionKeyValue=parent-child

Another issue involves representing the data concerning a keyed reference (an object class described in the UDDI Standard), in an efficient way. This is made more complex by the need to be able to search efficiently for particular collections of keyed references: the category bag on a Business Entity, for example.

This is resolved according to an embodiment of the present disclosure by creating an abstract base class to represent keyed references, and subclassing it for each of the desired collections. The collections do not have a representation in the Directory. For example, they exist as nothing more than a group of keyed references of the same subclass, existing as children of the same object. For example, the category bag of a Business Entity is the objects of class euBusinessEntityCategoryKeyedReference which are children of the specified Business Entity. Note that a Business Entity object can well have several keyed reference objects as children, with only their object classes making it clear which ones are part of the category bag and which are part of the identifier bag.

Keyed references are used in several places within the UDDI data model. They include a TModel key, a key name, and a key value. Two uses of keyed references are category bags and identifier bags. These bags are collections of keyed references, and are important to searching. If these bags were represented by objects containing undifferentiated keyed references, then it would be potentially quite difficult to implement efficient searching. This is why several subclasses of keyed references have been implemented. A category bag on a Business Entity is represented by one or more child objects of the class euBusinessEntityCategoryKeyedReference. This makes it easy to implement an efficient search for business entities with a specified keyed reference in their category bags.

The example below shows the abstract class and one of the derived classes, the euBusinessEntityCategoryKeyedReference, as discussed above. Note that the key to the keyed reference is inherited from the abstract class, while the TModel key, key name, and key value are all specified in the derived class, so they may have distinctive names for searching.

    set object-class uddiObjectClass:201 = {
        # abstract class as parent for all keyed references
        name = euKeyedReference
        subclass-of top
        must-contain
            euKeyedReferenceKey
    };

    set object-class uddiObjectClass:301 = {
        # Business Entity category keyed reference - collection makes up the category bag
        name = euBusinessEntityCategoryKeyedReference
        subclass-of euKeyedReference
        must-contain
            euBusinessEntityCategoryTModel,
            euBusinessEntityCategoryKeyName,
            euBusinessEntityCategoryKeyValue
    };

The contact is a complex object, representing a wide variety of information. Much like the Business Entity, a contact holds a variety of compound repeating elements, necessitating the use of child object classes.

The only data elements that are directly part of the contact object are a key, and the name of the person or role the contact represents. There is an optional use-type.

All the other possible elements are children of the contact object. These are: Address (parent of an ordered list of address-line objects, each with a key, use-type, sort code, and TModel key); Phone (a phone number plus use-type); E-mail (an e-mail address plus use-type); and Description (description string plus language code).

Again, although FIG. 15 illustrates an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a Business Entity, it is equally illustrative of an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a contact object. The Business Entity 151 of FIG. 15 is equally applicable to a contact object, with the multi-valued elements of the contact object represented as children 152, 153 of the contact object 151. There may be none or more children.

Another issue involves representing the names and descriptions (specified in the UDDI Standard) in an efficient manner, and allowing rapid searching for a specific type of name or description.

According to an embodiment of the present disclosure, the system creates an abstract base class to represent names, and another to represent descriptions, and subclasses them for each of the desired types. Search for the attributes of the subclass when looking for a specific type of name (Business Entity name, for example), and for the abstract class when looking for any name.

Several of the major objects (Business Entities, Business Services, etc) have the option of multiple names and descriptions. The reasons are manifold. It is not uncommon for a business to be known by multiple names, perhaps one formal and one or more colloquial. Moreover, a business may use different names in different languages. It is not uncommon for a name to translate badly. For example, the computer firm Fujitsu used the name Facom in English-speaking countries for many years. The issue may be exacerbated in languages with multiple character sets. A Japanese firm may well have one version of their name in katakana, and another version in hiragana.

For these reasons and more, both name and description objects may occur multiple times for a single object. Each instance is tagged with a language code. In UDDI version 3 there may be multiple instances with the same language code (this is not allowed in version 2).

Find qualifiers add further confusion. As mentioned earlier, UDDI searches are required to support both case-sensitive and case-insensitive searching, and this is best handled by storing the data twice in the X.500 Directory.

The example below shows the abstract class and one of the derived classes, euBusinessEntityName, used for the collection of names of a Business Entity:

    set object-class uddiObjectClass:202 = {
        # abstract class as parent for all names
        name = euName
        subclass-of top
        must-contain
            euNameKey
        may-contain
            euLanguage
    };

    set object-class uddiObjectClass:331 = {
        # name of a Business Entity
        name = euBusinessEntityName
        subclass-of euName
        must-contain
            euBusinessEntityNameValue,
            euBusinessEntityNameValueIC
        # inherits euNameKey and euLanguage from euName
    };

Note that the euBusinessEntityNameValue is the attribute that contains the case-sensitive version of the name; while the euBusinessEntityNameValueIC is the version marked as “ignore case”, and is thus case-insensitive. The euNameKey field, inherited from the abstract class, is used to control the ordering of the names, and provides a unique naming attribute.

An example of a name object might be:

    euNameKey=890abcde-890a-890a-890a-890abcdef123
    euLanguage=EN
    euBusinessEntityNameValue=McKenna's Validation Systems
    euBusinessEntityNameValueIC=McKenna's Validation Systems

Again, although FIG. 15 illustrates an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in a Business Entity, it is equally illustrative of an example of the introduction of a hierarchy into a sub-structure according to an embodiment of the present disclosure for the representation of a relatively complex object in an abstract class. The Business Entity 151 of FIG. 15 is equally applicable to an abstract, with the multi-valued elements of the Binding Template represented as children 152, 153 of the abstract class 151. There may be none or more children.

Another issue relates to creating an efficient implementation of the requirement that a user be permitted to alter only those business entities under his/her control. According to an embodiment of the present disclosure, this can be achieved by making the business entities controlled by a user children of the user object. This makes security more easily implemented.

It may be important to ensure that a publishing user only be permitted to alter the information that he/she owns. It is possible to do this with various designs. However, the optimal design makes it immediately clear whether a user is authorised to publish an item: all the data controlled by a given user is located in that user's subtree.

This design decision has no impact on the ease of access to business entities as a whole, because all inquiries into business entities can be conducted from above the user level in the hierarchy without loss of generality or performance.
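The subtree rule above reduces the publish check to a comparison of distinguished names. The following is an added example, not code from the disclosure: it assumes entries are addressed by LDAP-style string DNs written leaf first, reuses the sample keys from the examples above, and the function names are hypothetical.

```python
# Added example: deciding whether a user may alter an entry by testing
# whether the entry lies strictly inside that user's subtree.
# Assumption: LDAP-style string DNs, leaf RDN first, single-valued RDNs.

def split_unescaped(text, sep):
    """Split on sep, treating a backslash-escaped character as data."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return the DN as a list of (attribute, value) pairs, leaf first.

    Both halves are case-folded: attribute names are case-insensitive and
    the keys in this schema are compared without sensitivity to case.
    Escapes are not decoded, so two spellings of one value compare unequal
    and the check fails closed.
    """
    rdns = []
    for raw in split_unescaped(dn, ","):
        attr, sep, value = raw.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {raw!r}")
        rdns.append((attr.strip().casefold(), value.strip().casefold()))
    return rdns

def in_subtree(ancestor_dn, target_dn):
    """True when target_dn is a strict descendant of ancestor_dn."""
    anc, tgt = parse_dn(ancestor_dn), parse_dn(target_dn)
    return len(tgt) > len(anc) and tgt[-len(anc):] == anc

def may_alter(user_dn, target_dn):
    """Authorisation decision: deny on any DN that does not parse."""
    try:
        return in_subtree(user_dn, target_dn)
    except ValueError:
        return False

# Constructed sample DNs built from the keys used in the examples above.
REPO = "euRepositoryName=Melbourne"
GRACE = "euUserKey=23456789-2345-2345-2345-234567890abc," + REPO
OTHER = "euUserKey=98765432-5432-5432-5432-cba098765432," + REPO
ENTITY = "euBusinessEntityKey=34567890-3456-3456-3456-34567890abcd," + GRACE
# A single RDN whose value contains an escaped comma: it sits directly
# under the repository, not under Grace's user entry.
ESCAPED = "euBusinessEntityKey=x\\," + GRACE

if __name__ == "__main__":
    for user, target in [(GRACE, ENTITY), (OTHER, ENTITY), (GRACE, ESCAPED)]:
        print(may_alter(user, target), "<-", user.split(",")[0], "/", target[:32])
```

Comparing parsed RDN sequences rather than testing the DN string for a suffix is what keeps the escaped-comma entry out of the user's subtree.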

Another issue relates to creating an efficient implementation of Publisher Assertions, particularly with regard to the implementation of the findRelatedBusiness method. According to an embodiment of the present disclosure, this can be achieved by making the Publisher Assertions relating to a business children of the business object. This eliminates the need to search for that criterion.

One primary use of Publisher Assertions lies in the find_RelatedBusinesses inquiry. This inquiry specifies a particular Business Entity, and requests information about all business entities related to that entity by completed Publisher Assertions. This inquiry is simplified, and accelerated, by a hierarchy which places the Publisher Assertions under the Business Entity to which they relate. This has the added benefit of increasing consistency. When a Business Entity is deleted all the associated Publisher Assertions (now irrelevant) are deleted with it.

Another issue relates to creating an efficient implementation of the requirement that a user be permitted to alter only those TModels under his/her control. According to an embodiment of the present disclosure, the system makes the TModels, defined by a user, children of the user object. This makes security easy to implement.

For reasons similar to those that governed the placing of business entities under user entries, it is sensible to place user-defined TModels under the user entry of the user who defines them. There is no detrimental impact on locating the TModels, since they can be located via a single indexed access, because all TModels are uniquely named.

Another issue relates to implementing efficient searching of Publisher Assertions by relationship. According to an embodiment of the present disclosure, this can be achieved by making the relationship keyed reference an auxiliary class of the Publisher Assertion entry. If the keyed reference were a child (one implementation) it could not be searched with equal efficiency, and searches for the relationship could not be combined with searches on the content of the Publisher Assertion, such as the (critical) filter on status (only completed assertions are considered).

The X.500 schema system may not support the construction of object classes that include other object classes as data elements. For example, a keyed reference can not be a data element of a Publisher Assertion. It is possible to make the keyed reference a child of the Publisher Assertion, but this does not facilitate the construction of an efficient search that references the contents of the keyed reference.

Making the keyed reference an auxiliary class to the Publisher Assertion entry is an efficient solution to the problem. It is then possible to search on the content of the keyed reference as though it were part of the assertion.

As described above, an example of a Publisher Assertion might be:

    euPublisherAssertionKey=7890abcd-7890-7890-7890-7890abcdef12
    euFromBusinessKey=34567890-3456-3456-3456-34567890abcd
    euFromUserKey=23456789-2345-2345-2345-234567890abc
    euToBusinessKey=09876543-6543-6543-6543-dcba09876543
    euToUserKey=98765432-5432-5432-5432-cba098765432
    euPublisherAssertionStatus=status:complete
    euPublisherAssertionTModel=uuid:807A2C6A-EE22-470D-ADC7-E0424A337C03
    euPublisherAssertionKeyName=wholly-owned subsidiary
    euPublisherAssertionKeyValue=parent-child

The auxiliary object class is euPublisherAssertionKeyReference, and the last three attributes listed above are the data elements of that class.

According to an embodiment of the present disclosure, a Directory such as eTrust™ Directory by Computer Associates may be utilized to implement an ideal enterprise UDDI registry platform. eTrust Directory, which is a fully compliant LDAPv3, X.500 electronic Directory, can be used to underpin a UDDI Web Services implementation. The ‘eTrust’ Directory allows the UDDI implementation to leverage the highly mature Directory solution that is well proven in large-scale, business-critical Directory service applications.

There are many unique features of ‘eTrust’ Directory that make it extremely attractive as a platform on which to build a UDDI registry. Some of these include:

-   Security features including access control policies, roles, secure proxy, mutual authentication, distributed authentication, distributed SSL certificate subject verification and network address validation;
-   Distribution and routing capabilities including parallel-distributed searches, load sharing, query streaming and shortest path routing;
-   A multi-master replication scheme that combines the speed and efficiency of replay-based mechanisms (known as multi-write) with state-based recovery and reconciliation techniques;
-   Availability features including hot swap of databases, network fail-over and Directory System Agent (DSA) fail-over;
-   Caching design that is considered fast; and
-   Deployment features including dynamic configuration (of data types, schema rules, security, knowledge and so on), unlimited data size, general information integrity rules, extensive administrative controls and an interactive command console.

eTrust Directory provides a proven X.500 Directory solution. On top of this proven foundation can be implemented a UDDI Semantic Bridge to enable a fully Standards-compliant UDDI Registry. Because of the capabilities of the underlying Directory solution, the embodiments disclosed herein can deliver flexible security, distribution and manageability without requiring changes or extensions to the existing UDDI Standards.

One issue of the present embodiment deals with how to map relationships between entities stored in disparate sections of the Directory.

While UDDI data structures are primarily hierarchical, there may be a problem with cross relationships between different objects.

There are essentially two categories of relationships, namely alternative names, and cross relationships. According to an embodiment of the present disclosure, the problem is resolved by making use of the concept of Aliases to address the alternative names. Essentially this has the effect of ‘attaching’ a foreign entity as a virtual child of the primary entity.

The present embodiment makes use of unique keys to address the problem of cross relationships. Essentially this has the effect of creating ‘relationship pointers’, rather like the Primary/Foreign key system in RDBMS technology, to model relationships between data entities that exist between disjoint sub-trees within a hierarchical Directory system.

The use of aliases according to embodiments of the present disclosure will now be described. A first scenario is most clearly demonstrated by the implementation of UDDI Business Service Projections. A Business Service projection is in effect an alternative name for a Business Service. A Business Service Projection is a Business Service which appears to belong to Business A, but which is in fact owned and defined by Business B.

Referring to FIG. 5, Business Service 51, a Service owned by Business A, appears also to belong to Business B. Any changes made by Business A to Business Service 51 will be reflected in the projected Service appearing under Business B. Similarly, if Business Service 51 is deleted from the registry, it will no longer appear under either Business A or Business B. Additionally, Business Entity B may not edit or change Business Service 51. For editing and all other Publishing purposes, only Business A has access to Business Service 51.

A Directory Alias system can be utilised to achieve this effect. An alias of Business Service 51 is added to Business Entity B. The alias is a special marker for the Directory server which says in effect ‘when someone looks at this alias, show them this other entry over here’.

It means that when the original Service is edited, the changes will be visible in the projection as well. If the Directory system supports Alias integrity, which is the case with eTrust Directory, then if the service is deleted, the projection will automatically be removed as well.

In addition, the Directory server can be configured to show the projected Business Service twice when it is searched for, once under each parent. This can be useful when doing searches which need to resolve the parents of a Business Service.

Some situations require that objects in disjoint parts of the Directory hierarchy maintain a relationship.

An example of this is between Binding Templates and TModels. TModels are used throughout UDDI for various purposes. They are categorization keys, search identifiers, (UDDI) relationship descriptors, and in this instance, technical specification ‘fingerprints’. A TModel which is ‘attached’ to a BindingTemplate describes a technical specification to which that BindingTemplate (see FIG. 8) conforms. For example, a publisher might attach a TModel asserting that their Binding Template conforms to the SOAP 1.1 Standard.

A registry typically contains a finite set of TModels, many of which will be referenced by hundreds or even thousands of Binding Template entries. In some cases the registry will return the details of any ‘attached’ TModels with the details of the BindingTemplate.

According to this embodiment of the present disclosure, a primary/foreign key system such as that utilized in relational database systems can be suitably modified and applied. Every TModel stored in the registry has its own unique (primary) key. A Binding Template references a TModel by adding a local (foreign) key which matches the unique key of the required TModel. FIG. 7 illustrates an example of this. The server can then look up the TModel in question if TModel data needs to be returned with the Binding Template.

FIG. 6 shows the relationships between a Binding template and TModel.

FIG. 7 shows how the TModel key creates the relationship between the two entities.

A Publisher Assertion is an important element of a UDDI repository. As noted above, it provides users with the ability to discover which business entities are related to a Business Entity of interest, and how they are related.

The Publisher Assertion was designed to protect against abuse, with an asserted relationship only becoming visible when the owners of both business entities involved had asserted the relationship. This protection comes at a cost, in that it complicates the implementation, and necessitates careful design to avoid poor performance.

One problem is integrity. A Publisher Assertion has a more complex lifecycle than any other UDDI construct. It comes into being when the owner of a Business Entity makes an assertion about that business and its relationship to another Business Entity. The owner of the other Business Entity can request a status report and discover what assertions have been made about their businesses, or they may be notified out-of-band. Either way, the owner of the other Business Entity can choose to make a matching assertion about the relationship between the two business entities. At that moment the assertion is complete, and visible to users calling findRelatedBusinesses. One or both assertions can be modified or deleted, and the assertion becomes incomplete again, and should no longer be visible. Additionally, the deletion of either Business Entity should immediately remove the assertion.

The Publisher Assertion objects may be managed in a manner that maintains integrity of the assertion.

It is desirable that the owner of a Business Entity be able to make (and remove) assertions about the business entities controlled by that owner.

This embodiment of the present disclosure is predicated upon the assumption that the UDDI repository will be a “read-mostly” store, much as intended for an X.500 Directory. To this end, the design is optimized for better read performance, even at the cost of imposing a heavier burden on writes.

An object class called Publisher Assertion is designed to hold data beyond that required by the UDDI Standard, because of the desirability of optimizing search performance. The design introduces an operational attribute, which defines the Publisher Assertion status. The status of the assertion is determined at the time of writing to the Directory and in this way need not be determined each time a search is performed.

The present embodiment also uses Pointers in the form of User Keys. When a Publisher Assertion is written to the Directory the user keys for the “to” and “from” businesses are determined and written into the object. This simplifies the getAssertionStatusReport query, because all that is required to generate such a report is to search for a Publisher Assertion that contains the user key of the person who is generating the report.

In contrast, there would be considerable effort required to generate the report if it was necessary to query all the business keys under the user, then look for Publisher Assertions containing those business keys.

One common use of Publisher Assertions is for the discovery of those businesses ‘related’ to a given business. To provide good performance for that query, the Publisher Assertion(s) relating to a business are placed as child node(s) of the business.

In addition, the status of each assertion is recorded in the assertion as an operational attribute. This makes it possible to query just the Publisher Assertions with a status of complete located beneath the company of interest. This simplifies the search for findRelatedBusinesses because the search will recall only those assertions which are complete.

To simplify security, all businesses controlled by a user and their Publisher Assertions may be child nodes under that user's account entry. This implementation enforces access control by only allowing a User access to the sub-tree under the User's account entry.

Note that the operational attribute representing the status is managed by the UDDI implementation. When a user publishes an assertion which has already been asserted by another asserted business, the UDDI implementation will update the status of the other assertion, which is in another sub-tree controlled by the User of the other business. The access controls allow for this.

As an alternative embodiment to storing two Publisher Assertion objects, one under each of the two Business Entities involved, a single Publisher Assertion object is provided in its own sub-tree. For example, the Publisher Assertion sub-tree can be provided under Repository object(s). When the assertion is initially stored in this case, it is given an incomplete status (for example, tokeyincomplete or fromkeyincomplete, depending on which side asserted it). If the Publisher Assertion is asserted by a complementary user, the status is changed to complete. If the Publisher Assertion is deleted by one of the two, then the status is changed back to incomplete. If the Publisher Assertion is deleted by both sides, then the Publisher Assertion object is deleted. Advantageously, this results in just one copy of an assertion, and most of the maintenance work consists of doing a modify of the single attribute that holds the status of the assertion.

FIG. 12 illustrates schematically a hierarchy according to an embodiment of the present disclosure. The schematic illustrates both alternatives, where the Publisher Assertion object is placed under Business Entity and/or Repository object.

FIG. 8 illustrates a method to request to add a Publisher Assertion. In Step S80, a determination is made whether the request is valid. If not valid (No, Step S80), the request fails (Step S92). If the request is valid (Yes, Step S80), a determination is made whether the request is from business ours (Step S82). If it is not from business ours (No, Step S82), a determination is made whether it is to business ours (Step S84). If not to business ours (No, Step S84), the request fails (Step S92). If it is to business ours (Yes, Step S84), a determination is made whether the assertion is made by the from owner (Step S86). If the assertion is not made by the from owner (No, Step S86), an incomplete assertion is written (Step S94). If the assertion is made by the from owner (Yes, Step S86), the complete assertion is written (Step S96). Returning to Step S82, if it is determined that the request is from business ours (Yes, Step S82), a determination is made whether it is to business ours (Step S88). If not to business ours (No, Step S88), a determination is made whether the assertion is made by the to owner (Step S90). If the assertion is not made by the to owner (No, Step S90), the incomplete assertion is written (Step S94). If the result of Step S88 is Yes (to business ours), or the result of Step S90 is Yes (assertion made by the to owner), the complete assertion is written (Step S96).
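The single-object alternative and the FIG. 8 decision flow described above can be modelled as a small two-party consent state machine. This is an added example, not code from the disclosure: the class and method names are hypothetical, the Directory is replaced by in-memory dictionaries, and the mapping of tokeyincomplete / fromkeyincomplete to "the named side has not yet asserted" is an assumption.

```python
COMPLETE = "status:complete"
TO_INCOMPLETE = "status:tokeyincomplete"      # assumed: the "to" side has not asserted yet
FROM_INCOMPLETE = "status:fromkeyincomplete"  # assumed: the "from" side has not asserted yet
_STATUS = {frozenset({"from", "to"}): COMPLETE,
           frozenset({"from"}): TO_INCOMPLETE,
           frozenset({"to"}): FROM_INCOMPLETE}


class AssertionRegistry:
    """One Publisher Assertion object per relationship; status is fixed at write time."""

    def __init__(self, owners):
        self.owners = dict(owners)   # business key -> owning user key
        self.entries = {}            # (from key, to key, relationship) -> stored entry

    def _sides(self, user, from_key, to_key):
        # FIG. 8, S82/S84/S88: which ends of the assertion does the requester own?
        return {side for side, key in (("from", from_key), ("to", to_key))
                if self.owners.get(key) == user}

    def add(self, user, from_key, to_key, relationship):
        if from_key not in self.owners or to_key not in self.owners:
            raise ValueError("invalid request: unknown business key")   # S80 -> S92
        sides = self._sides(user, from_key, to_key)
        if not sides:
            raise PermissionError("requester owns neither business")    # S84 No -> S92
        entry = self.entries.setdefault((from_key, to_key, relationship), {
            "fromUserKey": self.owners[from_key],   # user-key pointers written once,
            "toUserKey": self.owners[to_key],       # so status reports need no joins
            "asserted": set()})
        entry["asserted"] |= sides
        entry["status"] = _STATUS[frozenset(entry["asserted"])]         # S94 or S96
        return entry["status"]

    def delete(self, user, from_key, to_key, relationship):
        key = (from_key, to_key, relationship)
        entry = self.entries.get(key)
        sides = self._sides(user, from_key, to_key)
        if entry is None or not sides:
            raise PermissionError("no such assertion for this requester")
        entry["asserted"] -= sides
        if not entry["asserted"]:
            del self.entries[key]        # withdrawn by both sides: object removed
            return None
        entry["status"] = _STATUS[frozenset(entry["asserted"])]
        return entry["status"]

    def delete_business(self, user, business_key):
        if self.owners.get(business_key) != user:
            raise PermissionError("only the owner may delete a business")
        del self.owners[business_key]
        for key in [k for k in self.entries if business_key in k[:2]]:
            del self.entries[key]        # deleting either business removes the assertion

    def find_related_businesses(self, business_key):
        # Readers filter on the stored status only; nothing is recomputed at search time.
        related = set()
        for (frm, to, _rel), entry in self.entries.items():
            if entry["status"] == COMPLETE and business_key in (frm, to):
                related.add(to if frm == business_key else frm)
        return sorted(related)

    def assertion_status_report(self, user):
        return sorted((frm, to, rel, e["status"])
                      for (frm, to, rel), e in self.entries.items()
                      if user in (e["fromUserKey"], e["toUserKey"]))


if __name__ == "__main__":
    reg = AssertionRegistry({"bizA": "alice", "bizB": "bob"})   # constructed sample data
    print(reg.add("alice", "bizA", "bizB", "parent-child"), reg.find_related_businesses("bizA"))
    print(reg.add("bob", "bizA", "bizB", "parent-child"), reg.find_related_businesses("bizA"))
```

A one-sided claim stays out of find_related_businesses until the other owner matches it, and a request from a user who owns neither business is rejected before anything is written.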

The next issue deals with how to optimize construction of intermediate search result collections during search operations so that both Directory access and iterative in-memory operations are minimized, taking into account the Directory storage medium limitations. In practice, Directory entries may be stored and returned in arbitrary order, and Directory results may be too large to sort.

According to an embodiment of the present disclosure, an object-oriented in-memory data storage system coupled with a unique result sorting scheme which sorts intermediate results by Distinguished Name is provided. This allows one search to return many different types of objects (BusinessEntities, BusinessServices, etc.) and still allows the system to easily construct the correct XML structure for returning the data to the user. It is to be noted that Web Service interactions are in XML.

Such a system will now be described. A UDDI BusinessEntity and any child data elements in the present disclosure are represented (partially) in the Directory according to the following hierarchy:

BusinessEntity

-   BusinessService
    -   BindingTemplate
    -   BindingTemplate
    -   ServiceName
    -   ServiceName
-   BusinessService
    -   BindingTemplate
    -   BindingTemplate
    -   ServiceName
    -   ServiceName
-   BusinessName
-   BusinessName
-   BusinessDescription
-   BusinessDescription

Note that ServiceName, BusinessName and BusinessDescription have been described in relation to aspects of the present disclosure dealing with Substructures and Object Splitting.

The BusinessEntity retrieval code performs a Directory SubTree search based upon the unique key of the required Business Entity or business entities. This search will return the entries found, plus all sub-entries. The Directory Standards do not guarantee any particular order to the returned entries, or even that sub-entries will immediately follow their parent entry.

Therefore, the retrieval code then sorts the returned entries by Distinguished Name. This guarantees that sub-entries will be ordered after their parents, and that parent-child relationships can easily be distinguished. A variety of sorting algorithms can be used. The sorting algorithm used should exhibit characteristics of high performance in the case where entries are partially sorted.

The algorithm for results construction is essentially in operation a ‘depth-first, left-to-right tree-walk’. It is otherwise known in graph theory as a ‘postorder traversal’.

The sorted list is passed to the constructor method of a new BusinessEntity object. This object may be, for example, an object-oriented programming construct designed to represent a UDDI Business Entity. The BusinessEntity object contains the code to ‘construct itself’ from the data provided in the entry list. The code moves iteratively through the list, making decisions about each entry. It is understood that the first entry in the list should be the main entry for the Business Entity itself, and as soon as it finds another BusinessEntity it is understood that construction has finished; the ordering of the list guarantees this. As soon as it finds a BusinessService or other child entry, an object of the appropriate type is instantiated and the list is passed to the new object's constructor, along with a pointer telling it where to start in the list.

Each object contains essentially similar processing code to handle construction of itself and delegate construction of any child entries to appropriate child objects.

In this way, only a single Directory search need be performed, and the resulting list is handled in an efficient fashion, with every entry being processed once. If the list was left in an arbitrary order, or sorted in some other fashion, the list would have to be processed in multiple passes to correctly construct a UDDI hierarchy from the resulting entries.

Delegation of construction and list processing to the different programming objects in the hierarchy keeps the processing code to a comparatively small size, making it more efficient and ultimately faster.

FIG. 9 illustrates programming constructs (objects), including a representation of the sorted entry list. A determination is made whether there are any further items in a list of items. If there are no additional items (No, Step S100), the process exits (Step S118). If there are additional items (Yes, Step S100), the next item in the list is retrieved (Step S102). A determination is then made whether the item is of this object type. If the item is of this object type (Yes, Step S104), the object attributes are set based on the item (Step S106) and the process returns to Step S100. If it is not of this object type (No, Step S104), a determination is made whether an item of this object type has been processed yet (Step S108). If the item of this object type has not yet been processed (No, Step S108), the process returns to Step S100. If an item of this object type has been processed (Yes, Step S108), a determination is made whether the item is an intrinsic component of this object (e.g., Name, Description, etc.). If it is an intrinsic component (Yes, Step S110), the item is added to the object attribute and extra processing may be performed (Step S112) and the process returns to Step S100. If it is not an intrinsic component (No, Step S110), a determination is made whether the item is a child object of this object (e.g., BusinessService if this is a BusinessEntity). If it is a child object (Yes, Step S114), the system instantiates an object of the correct type, and passes the list of items to a constructor (Step S116) and the process returns to Step S100. If it is not a child object (No, Step S114), the process returns to Step S100.

The following ‘real world’ example demonstrates the kind of arbitrary ordering an LDAP Directory might be expected to return.

    SearchResultEntry
      objectName: businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: businessEntity
        type: businessKey
        value: 1ba3034aeef738da00eef78599fe0004
    SearchResultEntry
      objectName: descriptionKey=1ba3034aeef738da00eef786302b0008,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: uddiDescription
    SearchResultEntry
      objectName: serviceKey=1ba3034aeef738da00eef789707f000c,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: businessService
    SearchResultEntry
      objectName: nameKey=1ba3034aeef738da00eef78970da000d,serviceKey=1ba3034aeef738da00eef789707f000c,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: businessServiceName
    SearchResultEntry
      objectName: bindingKey=1ba3034aeef738da00eef7899fb7000e,serviceKey=1ba3034aeef738da00eef789707f000c,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: bindingTemplate
    SearchResultEntry
      objectName: nameKey=1ba3034aeef738da00eef7862fe50007,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: businessEntityName

List 1: The Name entry highlighted in bold is a leaf of the BusinessEntity entry at the top of the list, and it would be useful if it appeared before the BusinessService entry and other branch-children of the BusinessEntity. However, it appears at the end of the list, which forces any processing code to search the entire list to ensure all direct children of the BusinessEntity have been processed. This may not be the most efficient.

Accordingly, a version of the same data which has been sorted according to the rules formulated according to an embodiment of the present disclosure:

    SearchResultEntry
      objectName: businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: businessEntity
        type: businessKey
        value: 1ba3034aeef738da00eef78599fe0004
    SearchResultEntry
      objectName: descriptionKey=1ba3034aeef738da00eef786302b0008,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: uddiDescription
    SearchResultEntry
      objectName: nameKey=1ba3034aeef738da00eef7862fe50007,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: businessEntityName
    SearchResultEntry
      objectName: serviceKey=1ba3034aeef738da00eef789707f000c,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: businessService
    SearchResultEntry
      objectName: bindingKey=1ba3034aeef738da00eef7899fb7000e,serviceKey=1ba3034aeef738da00eef789707f000c,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: bindingTemplate
    SearchResultEntry
      objectName: nameKey=1ba3034aeef738da00eef78970da000d,serviceKey=1ba3034aeef738da00eef789707f000c,businessKey=1ba3034aeef738da00eef78599fe0004,userKey=1ba3034aedb9154900edb915491c0001,o=CA
      attributes
        type: objectClass
        value: businessServiceName
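The sort-then-construct scheme described above, as an added example that is not code from the disclosure. Function names are hypothetical and the entries are constructed with short keys in place of the long hexadecimal ones. Because LDAP writes Distinguished Names leaf-first, the sort key reverses the RDN order so that each parent sorts directly before its own subtree.

```python
import re


def dn_sort_key(dn):
    """Root-first tuple of lower-cased RDNs, so a parent precedes its whole subtree."""
    rdns = re.split(r"(?<!\\),", dn)      # split on commas that are not backslash-escaped
    return tuple(r.strip().lower() for r in reversed(rdns))


def build(ordered, pos=0):
    """Construct the node at ordered[pos] and its subtree; return (node, next position)."""
    entry = ordered[pos]
    key = dn_sort_key(entry["dn"])
    node = {"objectClass": entry["objectClass"], "dn": entry["dn"], "children": []}
    pos += 1
    # After sorting, descendants are contiguous: stop at the first DN outside this subtree.
    while pos < len(ordered) and dn_sort_key(ordered[pos]["dn"])[:len(key)] == key:
        child, pos = build(ordered, pos)  # delegate, handing over the list position
        node["children"].append(child)
    return node, pos


def build_forest(entries):
    """One sort, then one forward walk over the list; no entry is visited twice."""
    ordered = sorted(entries, key=lambda e: dn_sort_key(e["dn"]))
    roots, pos = [], 0
    while pos < len(ordered):
        node, pos = build(ordered, pos)
        roots.append(node)
    return roots


def outline(node, depth=0):
    """Indented list of object classes, for checking the reconstructed hierarchy."""
    lines = ["  " * depth + node["objectClass"]]
    for child in node["children"]:
        lines.extend(outline(child, depth + 1))
    return lines


BASE = "userKey=u1,o=CA"
# Constructed sample in the arbitrary order a SubTree search may return.
SAMPLE = [
    {"dn": f"businessKey=b1,{BASE}", "objectClass": "businessEntity"},
    {"dn": f"descriptionKey=d1,businessKey=b1,{BASE}", "objectClass": "uddiDescription"},
    {"dn": f"nameKey=n9,businessKey=b2,{BASE}", "objectClass": "businessEntityName"},
    {"dn": f"serviceKey=s1,businessKey=b1,{BASE}", "objectClass": "businessService"},
    {"dn": f"nameKey=n2,serviceKey=s1,businessKey=b1,{BASE}",
     "objectClass": "businessServiceName"},
    {"dn": f"bindingKey=t1,serviceKey=s1,businessKey=b1,{BASE}",
     "objectClass": "bindingTemplate"},
    {"dn": f"businessKey=b2,{BASE}", "objectClass": "businessEntity"},
    {"dn": f"nameKey=n1,businessKey=b1,{BASE}", "objectClass": "businessEntityName"},
]

if __name__ == "__main__":
    for root in build_forest(SAMPLE):
        print("\n".join(outline(root)))
```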

As the present disclosure may be embodied in several forms without departing from the spirit of the essential characteristics of the disclosure, it should be understood that the above described embodiments are not to limit the present disclosure unless otherwise specified, but rather should be construed broadly within the spirit and scope of the disclosure as defined in the appended claims. Various modifications and equivalent arrangements are intended to be included within the spirit and scope of the disclosure and appended claims.

1. A method for use in a Web Services system comprising: providing access to a data repository; and providing shadow attributes for use in conducting searches of the data repository.
 2. The method as recited in claim 1, wherein the shadow attributes store values case insensitively.
 3. The method as recited in claim 1, further comprising searching the shadow attributes according to a matching rule.
 4. The method as recited in claim 1, wherein an attribute representing an operator of the repository is not stored as an attribute.
 5. The method as recited in claim 1, further comprising storing an operational attribute based on a pre-calculated operation.
 6. The method as recited in claim 5, wherein the operational attribute relates to at least one of deleted Users and Service Projection status.
 7. A computer recording medium including computer executable code for performing a method for use in a Web Services system comprising: code for providing access to a data repository; and code for providing shadow attributes for use in conducting searches of the data repository.
 8. The computer recording medium as recited in claim 7, wherein the shadow attributes store values case insensitively.
 9. The computer recording medium as recited in claim 7, further comprising code for searching the shadow attributes according to a matching rule.
 10. The computer recording medium as recited in claim 7, wherein an attribute representing an operator of the repository is not stored as an attribute.
 11. The computer recording medium as recited in claim 7, further comprising code for storing an operational attribute based on a pre-calculated operation.
 12. The computer recording medium as recited in claim 11, wherein the operational attribute relates to at least one of deleted Users and Service Projection status. 